October 4, 2023

Dive Into The dYdX Chain Audit

dYdX

Introduction

Ensuring the safety and security of the dYdX Chain software is our top priority. That’s why we are extensively testing and auditing the code to make sure that user funds are always safe. Today, we’re sharing that Informal Systems has fully audited the dYdX Chain code and all findings have been addressed by the dYdX team. Dive into the audit below.

Details of the Audit

Informal Systems implements a multi-layered, automated approach to their security audits and is well-versed in security for the Cosmos Ecosystem. They audited the dYdX Chain code in three phases.

Phase I covered:

  • Custom modules: x/assets, x/perpetuals, x/epochs, x/sending, x/prices, x/subaccounts
  • Liquidation and price-feed daemons
  • Custom changes to forked versions of CometBFT and Cosmos SDK.

Phase II covered:

  • Custom modules: x/clob
  • Custom changes to forked versions of CometBFT and Cosmos SDK.

Phase III covered:

  • Custom modules: x/bridge, x/delaymsg, x/rewards, x/vest
  • Bridge Daemon
  • Additional custom changes to the forked version of CometBFT.

All phases of the audit are complete and we’re proud that zero critical issues currently exist within the dYdX Chain source code. The audit surfaced 1 critical issue (that is now resolved), 4 medium issues, 17 low issues and 19 informational issues. 34 of those issues were accepted and 5 issues were functioning as designed.

Thank you

Thank you to Informal Systems for their thorough audit and their commitment to help us ensure the safety and security of the dYdX Chain. We’re also hosting a bug bounty for the dYdX Chain software with payouts up to $5,000,000 depending on severity and eligibility. Any issues brought up in the audit or otherwise known by the dYdX team are not eligible for the bug bounty, and other terms and conditions apply. See the details here.

Find Informal Systems on Twitter, GitHub, and LinkedIn.

Legitimacy and Disclaimer

Crypto-assets can be highly volatile and trading crypto-assets involves risk of loss, particularly when using leverage. Investment into crypto-assets may not be regulated and may not be adequate for retail investors. Do your own research and due diligence before engaging in any activity involving crypto-assets.

dYdX is a decentralised, disintermediated and permissionless protocol, and is not available in the U.S. or to U.S. persons as well as in other restricted jurisdictions. The dYdX Foundation does not operate or participate in the operation of any component of the dYdX Chain’s infrastructure.

The dYdX Foundation’s purpose is to support the current implementation and any future implementations of the dYdX protocol and to foster community-driven growth in the dYdX ecosystem.

The dYdX Chain software is open-source software to be used or implemented by any party in accordance with the applicable license. At no time should the dYdX Chain and/or its software or related components be deemed to be a product or service provided or made available in any way by the dYdX Foundation. Interactions with the dYdX Chain software or any implementation thereof are permissionless and disintermediated, subject to the terms of the applicable licenses and code. Users who interact with the dYdX Chain software (or any implementations thereof) will not be interacting with the dYdX Foundation in any way whatsoever. The dYdX Foundation does not make any representations, warranties or covenants in connection with the dYdX Chain software (or any implementations and/or components thereof), including (without limitation) with regard to their technical properties or performance, as well as their actual or potential usefulness or suitability for any particular purpose, and users agree to rely on the dYdX Chain software (or any implementations and/or components thereof) “AS IS, WHERE IS”.

Nothing in this post should be used or considered as legal, financial, tax, or any other advice, nor as an instruction or invitation to act by anyone. Users should conduct their own research and due diligence before making any decisions. The dYdX Foundation may alter or update any information in this post in the future at its sole discretion and assumes no obligation to publicly disclose any such change. This post is solely based on the information available to the dYdX Foundation at the time it was published and should only be read and taken into consideration at the time it was published and on the basis of the circumstances that surrounded it. The dYdX Foundation makes no guarantees of future performance and is under no obligation to undertake any of the activities contemplated herein.
